Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50852 | 1 Tendacn | 2 G3, G3 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. | |||||
| CVE-2024-52739 | 2024-11-21 | N/A | 8.0 HIGH | ||
| D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. | |||||
| CVE-2024-7517 | 2024-11-21 | N/A | N/A | ||
| A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack. | |||||
| CVE-2024-8640 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server. | |||||
| CVE-2024-7897 | 1 Tosei-corporation | 1 Online Store Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7896 | 1 Tosei-corporation | 1 Online Store Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument adr_txt leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7215 | 1 Totolink | 2 Lr1200, Lr1200 Firmware | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272786 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7214 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7181 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7177 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7174 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setdeviceName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument deviceMac/deviceName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272595. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7160 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7158 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6333 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. | |||||
| CVE-2024-6269 | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269482 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6257 | 2024-11-21 | N/A | 8.4 HIGH | ||
| HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. | |||||
| CVE-2024-5411 | 2024-11-21 | N/A | N/A | ||
| Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below. | |||||
| CVE-2024-5196 | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265833 was assigned to this vulnerability. | |||||
| CVE-2024-5195 | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265832. | |||||
| CVE-2024-5194 | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265831. | |||||